Maritime Blog

Humans Remain the Weak Link in Cybersecurity

We all make mistakes. We are all human, after all. When it comes to cybersecurity though, human interaction with an organization’s assets and systems can have major repercussions.

According to IBM, 60 percent of all cyberattacks are carried out by insiders, either ones with malicious intent or those who served as inadvertent actors. Despite instituting proper protections, organizations are still highly vulnerable and they should worry about where employees might fall on the “insider threat” spectrum.

Socially engineered threats circumvent many cybersecurity systems by preying on human error. They use psychological manipulation to push users into performing an action or providing information. Phishing, hacking and malware incidents account for most incidents related to human error. In the case of email attacks like phishing, this often involves clicking on an embedded link, downloading malware like ransomware or offering passwords and financial authorization. Phishing is particularly difficult to stop because digital natives, those who grew up accustomed to the rapid-fire response cadence of social media, are programmed to answer emails from their coworkers quickly. Accordingly, many fall prey to business emails that appear to come from management or another peer but in reality include a malicious payload. Ransomware attacks, in which perpetrators introduce malware that prevents or limits you from accessing your system until a ransom is paid, have increased by 500 percent year-over-year.

Specific to the maritime industry, 91 percent of Ship Security Officers said they don’t have the training to deal with cyber threats at sea. Additionally, less than 44 percent of maritime companies have a cybersecurity plan in place, where training would be a critical component. These figures are a bit startling for an industry where hacking is an increasingly critical issue. Politically motivated cyber criminals regularly attempt to bring the transportation industry to its knees to produce mass chaos scenarios. Meanwhile, others are motivated solely by financial gain.

Maritime companies need to go back to the basics, starting with proper training and planning of cyber defenses. Many employees simply are not aware of proper cyber management, how their actions can lead to a hacking incident, or how to deal with it should an event arises. Companies should, for example, teach their workforce what phishing scams look like and test employees’ readiness with fake phishing emails. Continuous training and awareness can deter such incidents at sea.

About Gnostech Inc.:
Gnostech Inc. is an applied engineering and consulting company with expertise in information assurance and cybersecurity engineering, and major combat and space systems development and integration. For more information, visit www.gnostech.com, or stay connected by following us on LinkedIn or @GnostechInc on Twitter.